Research reveals where 95% of open source vulnerabilities lie

New research from Endor Labs offers a view into the rampant but often unmonitored use of existing open-source software in application development and the dangers arising from this common practice. Open source vulnerabilities As just one example, the research reveals that 95% of all vulnerabilities are found in transitive dependencies – open-source code packages that developers do not select, but are indirectly pulled into projects.

Read full article on Help Net Security